mirror of https://github.com/c-ares/c-ares.git
parent 7586c5f19f
commit 800e4727d1
4 changed files with 70 additions and 78 deletions
@ -1,83 +1,75 @@ |
||||
c-ares version 1.17.2 |
||||
c-ares version 1.18.0 |
||||
|
||||
This is a security and bugfix release. It addresses a few security related |
||||
issues along with various bugfixes mostly related to portability. |
||||
|
||||
Security: |
||||
o NodeJS passes NULL for addr and 0 for addrlen to ares_parse_ptr_reply() on |
||||
systems where malloc(0) returns NULL. This would cause a crash. [8] |
||||
o When building c-ares with CMake, the RANDOM_FILE would not be set and |
||||
therefore downgrade to the less secure random number generator [12] |
||||
o If ares_getaddrinfo() was terminated by an ares_destroy(), it would cause |
||||
a crash [13] |
||||
o Crash in sortaddrinfo() if the list size equals 0 due to an unexpected |
||||
DNS response [14] |
||||
o Expand number of escaped characters in DNS replies as per RFC1035 5.1 to |
||||
prevent spoofing [16], [17] |
||||
o Perform validation on hostnames to prevent possible XSS due to applications |
||||
not performing valiation themselves [18] |
||||
This is a feature and bugfix release. It addresses a couple of new feature |
||||
requests as well as a couple of bug fixes. |
||||
|
||||
Changes: |
||||
o Use non-blocking /dev/urandom for random data to prevent early startup |
||||
performance issues [5] |
||||
o z/OS port [6] |
||||
o ares_malloc(0) is now defined behavior (returns NULL) rather than |
||||
system-specific to catch edge cases [7] |
||||
o Add support for URI(Uniform Resource Identifier) records via |
||||
ares_parse_uri_reply() [1] |
||||
o Provide ares_nameser.h as a public interface as needed by NodeJS [5] |
||||
o Update URLs from c-ares.haxx.se to c-ares.org [9] |
||||
o During a domain search, treat ARES_ENODATA as ARES_NXDOMAIN so that the |
||||
search process will continue to the next domain in the search. [11] |
||||
o Turn ares_gethostbyname() into a wrapper for ares_getaddrinfo() as they |
||||
followed very similar code paths and ares_gethostbyaddr() has some more |
||||
desirable features such as priority sorting and parallel queries for |
||||
AF_UNSPEC. [12] |
||||
o ares_getaddrinfo() now contains a name element in the address info |
||||
structure as the last element. This is not an API or ABI break due to |
||||
the structure always being internally allocated and it being the last |
||||
element. [12] |
||||
o ares_parse_a_reply() and ares_parse_aaaa_reply() were nearly identical, those |
||||
now use the same helper functions for parsing rather than having their own |
||||
code. [12] |
||||
o RFC6761 Section 6.3 says "localhost" lookups need to be special cased to |
||||
return loopback addresses, and not forward queries to recursive dns servers. |
||||
On Windows this now returns all loopback addresses, on other systems it |
||||
returns 127.0.0.1 or ::1 always, and will never forward a request for |
||||
"localhost" to outside DNS servers. [13] |
||||
o Haiki: port [14] |
||||
|
||||
Bug fixes: |
||||
o Fuzz testing files were not distributed with official archives [1] |
||||
o Building tests should not force building of static libraries except on |
||||
Windows [2] |
||||
o Windows builds of the tools would fail if built as static due to a missing |
||||
CARES_STATICLIB definition [3] |
||||
o Relative headers must use double quotes to prevent pulling in a system |
||||
library [4] |
||||
o Fix OpenBSD building by implementing portability updates for including |
||||
arpa/nameser.h [9] |
||||
o Fix building out-of-tree for autotools [10] |
||||
o Make install on MacOS/iOS with CMake was missing the bundle destination so |
||||
libraries weren't actually installed [11] |
||||
o Fix retrieving DNS server configuration on MacOS and iOS if the configuration |
||||
did not include search domains [15] |
||||
o ares_parse_a_reply and ares_parse_aaa_reply were erroneously using strdup() |
||||
instead of ares_strdup() [19] |
||||
|
||||
o add build to .gitignore [2] |
||||
o z/OS minor update, add missing semicolon in ares_init.c [3] |
||||
o Fix building when latest ax_code_coverage.m4 is imported [4] |
||||
o Work around autotools 'error: too many loops' and other newer autotools |
||||
import related bugs. |
||||
o MinGW cross builds need advapi32 link as lower case [6] |
||||
o Cygwin build fix due to containing both socket.h and winsock2.h [7] |
||||
o ares_expand_name should allow underscores (_) as SRV records legitimately use |
||||
them [8] |
||||
o Allow '/' as a valid character for a returned name for CNAME in-addr.arpa |
||||
delegation [10] |
||||
o ares_getaddrinfo() was not honoring HOSTALIASES [12] |
||||
o ares_getaddrinfo() had some test cases disabled due to a bug in the test |
||||
framework itself which has now been resolved [12] |
||||
o Due to Travis-CI becoming unfriendly to open-source, Cirrus-CI has now been |
||||
brought online for automated unit testing. |
||||
|
||||
Thanks go to these friendly people for their efforts and contributions: |
||||
Anton Danielsson (@anton-danielsson) |
||||
Biswapriyo Nath (@Biswa96) |
||||
Brad House (@bradh352) |
||||
Daniel Bevenius (@danbev) |
||||
Daniel Stenberg (@bagder) |
||||
Dhrumil Rana (@dhrumilrana) |
||||
František Dvořák (@valtri) |
||||
@halx99 |
||||
Jay Freeman (@saurik) |
||||
Jean-pierre Cartal (@jeanpierrecartal) |
||||
Michael Kourlas |
||||
Philipp Jeitner |
||||
@vburdo |
||||
(11 contributors) |
||||
Felix Yan (@felixonmars) |
||||
Jérôme Duval (@korli) |
||||
Martin Holeš (@martin-256) |
||||
Sinan Kaya |
||||
(9 contributors) |
||||
|
||||
References to bug reports and discussions on issues: |
||||
[1] = https://github.com/c-ares/c-ares/issues/379 |
||||
[2] = https://github.com/c-ares/c-ares/issues/380 |
||||
[3] = https://github.com/c-ares/c-ares/issues/384 |
||||
[4] = https://github.com/c-ares/c-ares/pull/386 |
||||
[5] = https://github.com/c-ares/c-ares/pull/391 |
||||
[6] = https://github.com/c-ares/c-ares/pull/390 |
||||
[7] = https://github.com/c-ares/c-ares/commit/485fb66 |
||||
[8] = https://github.com/c-ares/c-ares/issues/392 |
||||
[9] = https://github.com/c-ares/c-ares/issues/388 |
||||
[10] = https://github.com/c-ares/c-ares/pull/394 |
||||
[11] = https://github.com/c-ares/c-ares/pull/395 |
||||
[12] = https://github.com/c-ares/c-ares/pull/397 |
||||
[13] = https://github.com/c-ares/c-ares/commit/df94703 |
||||
[14] = https://github.com/c-ares/c-ares/pull/400 |
||||
[15] = https://github.com/c-ares/c-ares/pull/401 |
||||
[16] = https://github.com/c-ares/c-ares/commit/362f91d |
||||
[17] = https://github.com/c-ares/c-ares/commit/44c009b |
||||
[18] = https://github.com/c-ares/c-ares/commit/c9b6c60 |
||||
[19] = https://github.com/c-ares/c-ares/pull/408 |
||||
|
||||
|
||||
|
||||
|
||||
[1] = https://github.com/c-ares/c-ares/pull/411 |
||||
[2] = https://github.com/c-ares/c-ares/pull/410 |
||||
[3] = https://github.com/c-ares/c-ares/pull/414 |
||||
[4] = https://github.com/c-ares/c-ares/pull/418 |
||||
[5] = https://github.com/c-ares/c-ares/pull/417 |
||||
[6] = https://github.com/c-ares/c-ares/pull/420 |
||||
[7] = https://github.com/c-ares/c-ares/pull/422 |
||||
[8] = https://github.com/c-ares/c-ares/issues/424 |
||||
[9] = https://github.com/c-ares/c-ares/issues/423 |
||||
[10] = https://github.com/c-ares/c-ares/issues/427 |
||||
[11] = https://github.com/c-ares/c-ares/issues/426 |
||||
[12] = https://github.com/c-ares/c-ares/pull/428 |
||||
[13] = https://github.com/c-ares/c-ares/pull/430 |
||||
[14] = https://github.com/c-ares/c-ares/pull/431 |
||||
|
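Review bot: In the 1.18.0 Bug fixes list, the entries allowing underscores in ares_expand_name [8] and '/' in a returned name for CNAME in-addr.arpa delegation [10] appear to loosen the hostname validation that the 1.17.2 text described as being there "to prevent possible XSS", but neither entry says so. Suggest adding a clause that these relax the earlier character checks, so applications that place returned names into HTML or logs know they still need to escape them. Separately, in the Changes entry about turning ares_gethostbyname() into a wrapper, "ares_gethostbyaddr() has some more desirable features" reads as if it should name ares_getaddrinfo(), "Haiki: port [14]" looks like a typo for Haiku, and the autotools 'error: too many loops' entry carries no reference number.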